# CCNCore::Provision::Application::sshd
# Copyright (C) 2006, 2007 Stephane Alnet
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
# 

#
# For more information: http://carrierclass.net/
#
use strict; use warnings;

package CCNCore::Provision::Application::sshd;
use base qw(CCNCore::Provision::Base);
use CCN::Text;
use CCNCore::Scripting;

sub run()
{
    my $self = shift;
    return if $self->p->force_manager;
    
    $self->CHECKFOR ('/etc/init.d/ssh');
    $self->CHECKFOR ('/usr/sbin/sshd');

    $self->enable('ssh');
    $self->enable('ssh-server');
    $self->enable('sshd');
    

    my $SSH_LISTEN = '0.0.0.0';  # IPv4
    # my $SSH_LISTEN = '::';   # IPv6

    CAT '/etc/ssh/sshd_config', <<'EOT';
Port 22
ListenAddress 0.0.0.0
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 600
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys2
IgnoreRhosts yes
KerberosAuthentication no
GssapiAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
PasswordAuthentication no
X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog no
UseDNS no
#VerifyReverseMapping no
#ReverseMappingCheck no
ClientAliveInterval 10
KeepAlive yes
TCPKeepAlive yes
Subsystem sftp /usr/lib/openssh/sftp-server
# UsePAM no
UsePAM yes
EOT

    IF_CHANGED '/etc/ssh/sshd_config', '/etc/init.d/ssh restart';

    CAT '/etc/ssh/ssh_config', <<'EOT';
Host *
    RSAAuthentication yes
    StrictHostKeyChecking no
    SendEnv LANG LC_*
    HashKnownHosts yes
EOT
}
1;